Encouraging Trend: Judges Can’t “Stand” Online Privacy Class Actions

In their never-ending search for the next big thing, class action plaintiffs’ lawyers had high hopes for suits alleging various violations of Internet users’ “privacy.” All of the prerequisites for a big award seem to be present: (1) lots of class members; (2) easy-to-understand facts; (3) large, profit-seeking corporations; (4) sympathetic media coverage; and (5) an enforcement void (or the impression of one) left by state and federal regulators who talk more about protecting privacy than actually regulating.

But as two federal district court rulings in the waning days of 2012 reflect, online privacy class actions have generally been missing one other key element for success: actual harm. As we have addressed here several times in the past (here and here), thanks to that annoying constitutional “case or controversy” requirement, plaintiffs who don’t suffer a concrete loss or injury don’t have standing to be in federal court in the first place. Judges have thankfully been quite demanding when applying this concept in an area like online privacy litigation, where the concept of “privacy” can be very subjective and slippery.

For instance, consider the December 28, 2012 decision in In re Google Inc. Privacy Policy Litigation. Suing on behalf of everyone in the U.S. who has a Google account or owns an Android device, the plaintiffs claimed that the company’s consolidation of its separate privacy policies (and thus the ability to access user information across Google services) violated various federal and state laws and common law protections. The plaintiffs advanced numerous theories of harm, all of which the judge rejected. Android device owners could not claim they were financially harmed by having to buy a replacement device because no proof was offered that any class member actually did buy a replacement. Nor could Google service users claim harm based on “abstract concepts” such as loss of control of personal information or fear that their data might be used against their interests.

In another late 2012 ruling, Pirozzi v. Apple, a federal trial court similarly dismissed plaintiffs’ privacy-related claims for lack of standing. According to the complaint, Apple allegedly violated federal, state, and common laws by failing to prevent third-party applications sold on its App Store from uploading user information from mobile devices. The alleged injury here? First, Apple “misled” the plaintiffs into buying Apple mobile devices by falsely claiming their devices were “safe and secure.” As a result, plaintiffs’ information is at greater risk of being misappropriated.

On the first claim, the court agreed that bearing such a financial cost would constitute an injury, but only if the plaintiffs could show which particular statements of device safety they relied upon. Their complaint provided no such information. On the second claim, the court cited to the growing list of precedents which relate that mere “fear” of misappropriation of personal information is insufficient to establish standing to sue.

It’s unlikely we’ve heard the last of these cases, however, since both judges allowed the plaintiffs to amend and refile their complaints. No doubt the lawyers will continue the “throw lots of spaghetti against the wall” approach common to class actions, and hope some allegations stick. Such tactics waste precious judicial resources and divert companies’ attention and money from pro-consumer innovation and growth.

What’s worse, as Santa Clara University law professor Eric Goldman argued in a superb Working Paper last year, online privacy advocates should abhor class action litigation, as they utilize the same tactics those advocates despise. As he argues, class actions: (1) are typically opt-out, rather than opt-in; (2) provide plaintiffs with little meaningful notice or control; and (3) are gamed by lawyers who maximize their own financial interests over the interests of the class.

While litigating these suits is certainly a poor use of company resources, we hope that privacy class action defendants keep pushing back against the spaghetti-throwing lawyers, rather than settling for nuisance value. Court decisions such as In re Google and Pirozzi should help encourage them to do so.